|
861
|
8.8 |
HIGH
Network
|
-
|
-
|
Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Users are recommended to upgrade to version 2.4.67, which f…
New
|
CWE-415
Double Free
|
CVE-2026-23918
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
862
|
7.5 |
HIGH
Network
|
-
|
-
|
Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial …
Update
|
CWE-617
Reachable Assertion
|
CVE-2025-56568
|
2026-05-5 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
863
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request
Update
|
CWE-20
CWE-400
Improper Input Validation
Uncontrolled Resource Consumption
|
CVE-2025-46115
|
2026-05-5 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
864
|
9.8 |
CRITICAL
Network
|
cpanel
|
cpanel
whm
wp_squared
|
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-41940
|
2026-05-5 03:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
865
|
6.5 |
MEDIUM
Network
|
gnu
|
glibc
|
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing…
Update
|
CWE-126
Buffer Over-read
|
CVE-2026-6238
|
2026-05-5 02:57 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
866
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in th…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-42090
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
867
|
9.8 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can es…
New
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24781
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
868
|
9.8 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and…
New
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24118
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
869
|
7.5 |
HIGH
Network
|
xwiki
|
cryptpad
|
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-51846
|
2026-05-5 01:52 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
870
|
8.8 |
HIGH
Network
|
progress
|
moveit_automation
|
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before …
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-5174
|
2026-05-5 01:47 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
